
FW: LDAP v3 authentication



Let's make sure PKIX requirements (assuming we have some) are input to
this effort.
------------------
Sharon Boeyen                  
Entrust Technologies

mailto:boeyen@entrust.com       Tel: (613) 247-3181 
http://www.entrust.com          Fax: (613) 247-3690 
         Orchestrating Enterprise Security


>----------
>From: 	Harald.T.Alvestrand@uninett.no[SMTP:Harald.T.Alvestrand@uninett.no]
>Sent: 	December 5, 1997 9:23 AM
>To: 	ietf-asid@netscape.com
>Subject: 	LDAP is approved!
>
> 
>After a long discussion, the IESG has decided to approve LDAPv3.
>That's good news - BUT:
>
>The IESG also requested (as you can see) that the spec be supplemented
>as soon as possible with a Proposed Standard for mandatory-to-implement
>authentication in LDAPv3, so that one could approach the prospect
>of an Internet-accessible read-write directory with a joyous heart
>rather than with trepidation and noninteroperability.
>
>Congratulations - and let's start working!
>
>               Harald A
>
>

From: The IESG <iesg-secretary@ns.ietf.org>
To: Unknown User <Unknown User>
Cc: RFC Editor <rfc-editor@isi.edu>, Internet Architecture Board
	 <iab@isi.edu>, "ietf-asid@umich.edu" <ietf-asid@umich.edu>
Subject: Protocol Action: Lightweight Directory Access Protocol (v3) to Proposed Standard
Date: Fri, 5 Dec 1997 08:14:50 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit



The IESG has approved the following Internet-Drafts as Proposed
Standards:

 o Lightweight Directory Access Protocol (v3)
   <draft-ietf-asid-ldapv3-protocol-09.txt>

 o Lightweight Directory Access Protocol (v3): Attribute Syntax
   Definitions
   <draft-ietf-asid-ldapv3-attributes-08.txt>

 o Lightweight Directory Access Protocol (v3): UTF-8 String
   Representation of Distinguished Names
   <draft-ietf-asid-ldapv3-dn-04.txt>

 o The String Representation of LDAP Search Filters
   <draft-ietf-asid-ldapv3-filter-03.txt>

 o The LDAP URL Format
   <draft-ietf-asid-ldapv3-url-04.txt>

 o A Summary of the X.500(96) User Schema for use with LDAPv3
   <draft-ietf-asid-ldapv3schema-x500-04.txt>

 These documents are the product of the Access, Searching and Indexing
 of Directories Working Group.  The IESG contact person(s) are Harald 
 Alvestrand & Keith Moore.


Technical Summary
 
   The protocol described in this document is designed to provide access
   to directories supporting the X.500 models, while not incurring the
   resource requirements of the X.500 Directory Access Protocol (DAP).

   It is an improvement over the earlier LDAP version 2 that includes
   consistent character set handling, cleaner security, the possibility
   of handing back referrals to other servers, and extensibility.


Working Group Summary

   The ASID WG had rough consensus on this set of documents, the
   roughness being mostly in the area of what functionality to include
   in or exclude from the core protocol.
   There was consensus on the selection presented here.

Protocol Quality

   The protocol has been reviewed for the IESG by Chris Weider and
   Harald Alvestrand. Multiple implementations exist of both clients
   and servers.


Note To RFC Editor:

The IESG requests the following note be included:

IESG NOTE: This document describes a directory access protocol that
provides both read and update access.  Update access requires secure
authentication, but this document does not mandate implementation
of any satisfactory authentication mechanisms.

In accordance with RFC 2026, section 4.4.1, this specification is
being approved by IESG as a Proposed Standard despite this limitation,
for the following reasons:

a. to encourage implementation and interoperability testing of
   these protocols (with or without update access) before they
   are deployed, and

b. to encourage deployment and use of these protocols in read-only
   applications (e.g., applications where LDAPv3 is used as
   a query language for directories which are updated by some
   secure mechanism other than LDAP), and

c. to avoid delaying the advancement and deployment of other Internet
   standards-track protocols which require the ability to query, but
   not update, LDAPv3 directory servers.

Readers are hereby warned that until mandatory authentication
mechanisms are standardized, clients and servers written according
to this specification which make use of update functionality are
UNLIKELY TO INTEROPERATE, or MAY INTEROPERATE ONLY IF AUTHENTICATION
IS REDUCED TO AN UNACCEPTABLY WEAK LEVEL.

Implementors are hereby discouraged from deploying LDAPv3 clients
or servers which implement the update functionality, until a
Proposed Standard for mandatory authentication in LDAPv3 has been
approved and published as an RFC.